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DETAILED ACTION 
Claim Rejections - 35 USC§ 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1 (a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-2, 7, 17-22 are rejected under 35 U.S.C. 102(e) as being anticipated by Ji et 
al(5,889,943). 

3. As per claims 1, 17, Ji discloses method of scanning a communication received at a 
firewall(i.e. proxy) for target content(see col. 3, lines 42-54), wherein the communication is 
directed to one of a set of computer nodes connected to the firewall(see col. 3, lines 42-54, col. 4, 
lines 10-16), maintaining on the firewall a scanning module configured to scan communications 
received at the firewall(see col. 8, lines 63-67, col. 9, lines 1-18); maintaining a set of criteria for 
determining when one of the communications may be scanned at a computer node connected to 
the firewall instead of at the firewall(see col. 9, lines 1-18); partitioning responsibility for 
scanning the communications between the firewall and a first computer node connected to the 
firewall(see col. 9, lines 1-25); receiving a first communication is intended for the first computer 
node(see col. 10, lines 26-30); identifying one or more attributes of the first communication(see 
col. 10, lines 26-30); determining from the criteria and the attributes whether to scan and the first 
communication for target content on the firewall(see col. 8, lines 63-67, col. 9, lines 1-18); 
determining from the criteria and the attributes whether the first computer node is configured to 
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scan the first communication for the target content(see col. 8, lines 63-67, col. 9, lines 1-18); and 
forwarding the first communication to the first computer node; wherein the first computer node 
receives and scans the communication for target content(see col. 9, lines 1-18). 

4. As per claim 2, Ji et al. discloses receiving a second communication at the firewall, 
wherein the second communication is intended for a second computer node(see col. 10, lines 56- 
64); identifying one or more attributes of the second communication(see col. 18, lines 32-54; 
determining from the criteria and the attributes of the second communication whether the second 
computer node is permitted to scan the second communication for predetermined content(see col. 
18, lines 32-67); scanning the second communication at the firewall for the predetermined 
content; and forwarding the second communication to the second computer node; wherein the 
second computer node receives but does not scan the second communication for the 
predetermined content(see col. 18, lines 32-67, col. 19, lines 40-67). 

5. As per claim 7, limitations have already been addressed(see claims 1-2). Further, claim 
7, is rejected for a virus scanner(see col. 9, lines 18-25). 

6. As per claim 18, Ji discloses a first indicator configured to indicate whether a first 
communication scanning module is installed on a firewall(see col. 8, lines 18-30); a second 
indicator configured to indicate whether a second communication scanning module is installed 
on a destination node a communication received at the firewall(see col. 8, lines 18-48); and a set 
of criteria to be applied to the communication to determine if the communication is to be scanned 
for target content at the firewall or at the destination node(see col. 8, lines 18-30), wherein the 
second indicator and the set of criteria are configured during a negotiation process between the 
firewall and the destination node(see col. 17, lines 34-52). 
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7. As per claim 19, Ji discloses a firewall configured to receive a communication from an 
external entity for a first node connected to the firewall(see col. 3, lines 42-54, col. 4, lines 1-16), 
a first proxy module configured to establish a connection to the external entity(see col. 3, lines 
42-54, col. 4, lines 1-16); a first scanning module configured to scan the communication for 
target content(see col. 8, lines 63-67, col. 9, lines 1-18); and a set of rules configured to 
determine whether the communication is to be scanned for the target content on the firewall or 
on the first node(see col. 9, lines 1-18); and a first computer node connected to the firewall 
includes a second scanning modules(see col. 9, lines 1-18), wherein the first computer node 
negotiates with the firewall to configure a first subset of the rules to identify when the first 
computer node shall scan the communication rather than the firewall(see col. 9, lines 1-25); 
wherein a measurement of performance of the firewall is increased as a result of the first node 
scanning one or more communications rather than the firewall(see col. 9, lines 1-18, col. 8, lines 
63-67). 

8. As per claim 20, Ji discloses includes a negotiation module to negotiate with the firewall 
on behalf of multiple scanning modules, including the second scanning module(see col. 9, lines 
1-25). 

9. As per claim 21, Ji discloses wherein the firewall includes a negotiation module to 
negotiate with the first node on behalf of multiple proxies, including the first proxy module(see 
col. 8, lines 63-67, col. 9, lines 1-18). 

10. As per claim 22, Ji discloses a first set of criteria to be applied for all nodes connected to 
the firewall and all communications received at the firewall to determine if a first communication 
received at the firewall for a first destination node connected to the firewall may be scanned for 
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target content by the first destination node rather than the firewall(see col 3, lines 42-54, col. 4, 
lines 10-16, col. 9, lines 1-25); and a second set of criteria to be applied for a subset of all 
communications to determine if the first communication may be scanned for the target content 
by the second destination node rather than the firewall(see col. 8, lines 63-67, col. 9, lines 1-25); 
wherein the second set of criteria are applied by the first proxy module and the subset of all 
communications includes communications formatted according to a predetermined 
communication protocol; and wherein the first set of criteria is applied prior to the second set of 
criteria(see col. 3, lines 42-54, col. 4, lines 10-16, col. 9, lines 1-25). 
11. As per claims 3-6, 8-16 are objected to as being rejected on base claims. Prior art in 
networking nor security discloses specifying a set of criteria to identify when a communication 
may be scanned for target content by the first computer node, and also consulting the operator to 
determine the scanning requirements. Prior art discloses that a node communicates with the 
firewall, and tells the firewall to only forward certain data; however, the data that is transmitted 
is already scanned prior to being forwarded to the user. An example of prior art that does not 
teach the claims above is Segal. Segal discloses that a node communicates with the firewall, and 
tells the firewall to only forward certain data; however, the data that is transmitted is already 
scanned prior to being forwarded to the user. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jenise E. Jackson whose telephone number is (571) 272-3791. 
The examiner can normally be reached on M-Th (6:00 a.m - 3:30 p.m.) alternate Friday's. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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